RiskRecon security ratings help organizations understand the cybersecurity posture of current and potential vendors

As organizations continue to expand the scope of their third-, fourth-, and nth-party relationships, it’s more critical than ever to ensure the vendors they work with operate securely and keep their data safe.

To help combat third-party risk challenges for organizations of all shapes and sizes, RiskRecon is announcing a new partnership with OneTrust, making RiskRecon’s cybersecurity risk ratings available to all Third-Party Risk Exchange customers. 

This new partnership will pull RiskRecon scores into the OneTrust Third-Party Risk Exchange and will greatly reduce the manual cycles many companies currently spend to onboard, assess, and mitigate threats from their vendors. The RiskRecon platform will provide continuous capabilities for OneTrust customers to proactively assist in their third-party risk management efforts.

"RiskRecon is thrilled that OneTrust is a member of our Cybersecurity Alliances Program, and for us to be a part of OneTrust's Third-Party Risk Exchange. This new partnership will help countless organizations in their attempts to reduce third-party risk across their vendor ecosystem and will allow these customers to secure their digital supply chains in ways they did not know were possible," - Peter Ling, RiskRecon, a Mastercard Company, Vice President, Global Cybersecurity Alliances and Cyber Resilience Programs.

How Will the Partnership Reduce Third-Party Risks?

With visibility into a third party’s cyber risk rating, customers can take proactive measures and work directly with their third parties to reduce risks identified by the RiskRecon grade. 

In addition, organizations that are customers of both OneTrust and RiskRecon can take further advantage of the integration by setting up automated workflows to take action when grades change.

For example, when scores reach a defined threshold, the OneTrust platform can automatically:

  • Identify New Risks
  • Trigger an Automated Assessment
  • Kick Off an Incident Response Workflow
  • Notify Key Stakeholders via Email Alerts
  • Update Your Vendor Inventory

What is the OneTrust Third-Party Risk Exchange?

The OneTrust Third-Party Risk Exchange is a global community that brings businesses and their third parties together to share information and build mutual trust. Thousands of organizations and their third parties participate in the Exchange to collectively centralize and share critical information about their security, privacy, ethics, compliance, and ESG programs. This community-based approach makes third-party risk easier for both you and your third parties. The OneTrust Third-Party Risk Exchange is available on the OneTrust Trust Intelligence Platform, which brings together teams, data, and workflows across privacy, GRC, ethics, and ESG programs.

How is RiskRecon’s cyber risk rating determined?

RiskRecon’s cyber risk rating is determined by evaluating a plethora of criteria across 9 security domains including email security, data loss history, network filtering, governance, DNS security, threat intelligence, defensibility, web encryption, web application, and software patching. The impact of all vulnerabilities is analyzed to produce the cyber risk rating.

Within each security domain, RiskRecon reports overall current performance, trends, and industry benchmarks, backed by detailed information summaries and descriptions along with issue severity and risk priority.

RiskRecon’s grade for that company is then produced and added to its OneTrust Third-Party Risk Exchange profile, where it sits among other factors that analyze third parties’ security posture, along with other information from additional data providers.

If you're interested in a free RiskRecon trial, please visit here for more information. 
